Matt Blaze's Technical Papers

Last updated 6 August 2006

Many of my technical papers are available here. Newer papers are usually
in Adobe PDF format; like it or not, PDF is the de facto standard format
for scientific papers these days. Most of the older papers are
in PostScript format; you'll need a PostScript printer or viewer (such as
GhostView) to read them. Most of these files have also been converted to
Adobe PDF format (using ps2pdf) and can be viewed or printed with a PDF
viewer such as Acrobat, acroread4, or xpdf. If you have a choice, you'll
probably find the PostScript version looks and works better than the PDF
version does (ps2pdf doesn't do particularly well with some of the fonts).
A few papers are available as plain ASCII text or LaTeX source.

Wiretapping, Surveillance and Countermeasures

The Trustworthy Network Eavesdropping and Countermeasures (TNEC) project
studies the reliability of communications interception systems and
technologies. A better understanding of the limitations of eavesdropping
techniques could lead to more trustworthy law enforcement wiretap
evidence (or at least more appropriate treatment of electronic evidence),
networks with properties that inherently frustrate (or facilitate)
interception, and new techniques for achieving communications security.

One of our first efforts is a comprehensive analysis of the wiretapping
technologies used by law enforcement (for both voice and data). We have found
serious exploitable weaknesses in fielded interception systems. For details,
including audio demos of novel eavesdropping countermeasures, see the
wiretapping web page here.

Another focus of the TNEC project examines local host-based surveillance.
The JitterBug demonstrates a novel eavesdropping threat
against typed keyboard input. Commercially-available hardware keyboard
"sniffers" can easily capture and store an unsuspecting user's keystrokes.
Because a subverted keyboard has no direct network connection,
sniffer attacks are generally assumed to require either support software
on the host or periodic in-person access by the attacker to retrieve the
data. We show that this need not be the case. A new technique based on
"JitterBugs" can exfiltrate captured data entirely
through subtle perturbations in the precise times at which typed
keystrokes are passed to the host. Whenever a user runs an interactive
network application (such as SSH), an attacker can derive previously captured
keystrokes entirely by observing the timing of network
packets, even from across the Internet or via encrypted wireless traffic.
The JitterBug demonstrates that input devices must be scrutinized as part
of any trusted computing base and, more generally, that simple "supply chain
attacks" can represent a practical and serious threat to data
confidentiality. (Gaurav Shah and Andres Molina won the Best Student Paper
award at USENIX Security 2006 for this work.)

Physical and "Human-Scale" Security

Cryptologic techniques can be applied outside of computers and networks.
Perhaps surprisingly, the abstractions used in analyzing secure computing
and communications systems turn out also to be useful for understanding
mechanical locks and their keyspaces. Indeed, modeling master keyed locks
as online authentication oracles leads directly to efficient solutions
for what might naively seem like exponential problems for the attacker.
In fact, it seems like almost a textbook example, as if master keying
practices for locks were designed specifically to illustrate this
class of weakness. We sometimes assume that hardware-based security
is inherently superior to that based in software, but even the humble
mechanical lock can be just as insecure as complex computing systems,
and can fail in similar ways.

A widely circulated paper of mine describes attacks against master keyed
mechanical locks.
For an overview of the attack, which was described in the January
23rd 2003 New York Times, click here.
For a brief commentary on the reaction to this paper, see my essay,
"Keep it secret, stupid!" (click here),
which was originally posted to comp.risks.

(Warning: there are embedded photos in this paper; they make
the PS and PDF files very large. The GZIPed PostScript version is 5.7MB
long (uncompresses to 14MB), and the PDF version is 4MB long.)

My Notes on Picking Pin Tumbler Locks, intended primarily
for use by students in my security seminar, can be found
here [HTML].

While the security metrics and mechanical safeguards used in safes and vaults
may not rely on the latest technology, they are often quite ingenious.
They may have much to teach computer security. Some of what I
understand about the subject is in
the survey paper below (warning -- heavily illustrated 2.5MB .pdf file).
And for a brief commentary on the reaction to this paper, see
my essay, "the second sincerest form
of flattery" (click here),
which was originally posted to interesting-people.

Angelos Keromytis's KeyNote Trust Management toolkit and open-source
reference implementation is available
here as a
GZIPed TAR archive.
The toolkit
runs under most Unix-like (BSD, Linux, etc.) platforms, with limited
support for Win32 platforms.

Also see Angelos Keromytis'
KeyNote web page for the latest details on the KeyNote implementation.

Remotely-Keyed Encryption

These papers introduce and formalize the notion of "remotely-keyed"
encryption, in which a low-bandwidth, but trusted device (such as a
smart card) assists a high-bandwidth, but untrusted host with bulk
encryption.

Network-Layer Security

These papers describe the design and implementation of network-layer
and related security protocols, including JFK, a secure key
exchange protocol, and swIPe, a predecessor to the IPSEC standard.
(At this point, swIPe is of primarily historical interest, although
the USENIX paper should be of some value to IPSEC implementors. JFK
is a useful key exchange protocol that should be especially
valuable for IPSEC and network security key management).